[SECURITY] Fedora Core 5 Update: firefox-1.5.0.7-1.fc5

Christopher Aillon caillon at redhat.com
Fri Sep 15 01:47:55 UTC 2006


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-976
2006-09-14
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : firefox
Version     : 1.5.0.7
Release     : 1.fc5
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------
Update Information:

Mozilla Firefox is an open source Web browser.

Two flaws were found in the way Firefox processed certain
regular expressions. A malicious web page could crash the
browser or possibly execute arbitrary code as the user
running Firefox. (CVE-2006-4565, CVE-2006-4566)

A number of flaws were found in Firefox. A malicious web
page could crash the browser or possibly execute arbitrary
code as the user running Firefox. (CVE-2006-4571)

A flaw was found in the handling of JavaScript timed events.
A malicious web page could crash the browser or possibly
execute arbitrary code as the user running Firefox.
(CVE-2006-4253)

A flaw was found in the Firefox auto-update verification
system. An attacker who has the ability to spoof a victim's
DNS could get Firefox to download and install malicious
code. In order to exploit this issue an attacker would also
need to get a victim to previously accept an unverifiable
certificate. (CVE-2006-4567)

Firefox did not properly prevent a frame in one domain from
injecting content into a sub-frame that belongs to another
domain, which facilitates website spoofing and other attacks.
(CVE-2006-4568)

Firefox did not load manually opened, blocked popups in the
right domain context, which could lead to cross-site
scripting attacks. In order to exploit this issue an
attacker would need to find a site which would frame their
malicious page and convince the user to manually open a
blocked popup. (CVE-2006-4569)

Users of Firefox are advised to upgrade to this update,
which contains Firefox version 1.5.0.7 that corrects these
issues.
---------------------------------------------------------------------
* Wed Sep 13 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.7-1
- Update to 1.5.0.7
- Bring in pango patches from rawhide to fix MathML and cursor positioning
* Tue Aug  8 2006 Jesse Keating <jkeating at redhat.com> - 1.5.0.6-2
- Use dist tag
- rebuild
* Thu Aug  3 2006 Kai Engert <kengert at redhat.com> - 1.5.0.6-1.1.fc5
- Update to 1.5.0.6
* Thu Jul 27 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.5-1.1.fc5
- Update to 1.5.0.5
* Wed Jun 14 2006 Kai Engert <kengert at redhat.com> - 1.5.0.4-1.2.fc5
- Force "gmake -j1" on ppc ppc64 s390 s390x
* Mon Jun 12 2006 Kai Engert <kengert at redhat.com> - 1.5.0.4-1.1.fc5
- Firefox 1.5.0.4

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
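
To confirm which hosts still need this update, the following added example (not part of the original advisory or of Fedora's tooling) compares installed firefox version and release strings against the fixed 1.5.0.7-1.fc5 using a simplified form of RPM's segment-wise version comparison. The host names and inventory lines are constructed, and the comparison assumes no epoch and no '~' or '^' markers.

```python
import re

FIXED = ("1.5.0.7", "1.fc5")  # fixed version and release named in this advisory

def _segments(s):
    # RPM compares maximal runs of digits or letters; separators are skipped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp (assumption: no epoch, '~' or '^'). Returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 10 > 7
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alpha one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(version, release, fixed=FIXED):
    c = rpmvercmp(version, fixed[0])
    return c > 0 or (c == 0 and rpmvercmp(release, fixed[1]) >= 0)

# Constructed inventory, one "<host> <version> <release>" per line, as could be
# collected with: rpm -q --qf '%{VERSION} %{RELEASE}\n' firefox
# ws02 and ws03 use versions from the changelog; ws04 and ws05 are made up
# to exercise numeric comparison and release comparison.
INVENTORY = """\
ws01 1.5.0.7 1.fc5
ws02 1.5.0.6 1.1.fc5
ws03 1.5.0.4 1.2.fc5
ws04 1.5.0.10 1.fc5
ws05 1.5.0.7 0.9.fc5
"""

def unpatched_hosts(inventory=INVENTORY):
    """Return the hosts whose firefox package is older than the fixed build."""
    hosts = []
    for line in inventory.splitlines():
        host, version, release = line.split()
        if not is_fixed(version, release):
            hosts.append(host)
    return hosts

if __name__ == "__main__":
    print(unpatched_hosts())
```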



